[OpenAFS] Kerberos with AFS
Derrick J Brashear
shadow@dementia.org
Tue, 22 May 2001 10:43:07 -0400
>> > 7. What special configuration, maybe patches does kerberos need for AFS
>> > integration? (key types...)
>>
>> Patches: with modern MIT or Heimdal, none. The rest depends if you're
>> converting from an old kaserver database or starting a new cell. If
>> you're starting a new cell, merely supporting v4-salted keys is
>> sufficient; If you're converting an old database you'll need to
>> configure to use afs3 salted keys with an appropriate cell name.
>
>
> See the post of me and Forrest Whitcher about the key problematic.
>
> Mention that the krb principal "host/name.of.machine.domain" get
> translated to the afs principal "rcmd.name".
That would be "the krb5 principal "host/name.of.machine.domain" gets
translated to the krb4 principal "rcmd.name".
As you mentioned, AFS happens to be a krb4 service, and these are merely
kerberos 5 and 4 conventions respectively.
-D